基于转发关系推断的公共解析器任播节点枚举方法  

作　　者：许成喜 施凡 张允义 刘保君 张先国 李振汉 王宇轩 XU Chengxi;SHI Fan;ZHANG Yunyi;LIU Baojun;ZHANG Xianguo;LI Zhenhan;WANG Yuxuan(College of Electronic Engineering,National University of Defense Technology,Hefei 230037,China;Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation,Hefei 230000,China;Institute for Network Sciences and Cyberspace,Tsinghua University,Beijing 100084,China;Cyberspace Institute Co.,Ltd of China Electronics Technology Group Corporation,Beijing 100043,China)

机构地区：[1]国防科技大学电子对抗学院,安徽合肥230037 [2]网络空间安全态势感知与评估安徽省重点实验室,安徽合肥230000 [3]清华大学网络科学与网络空间研究院,北京100084 [4]中电网络空间研究院有限公司,北京100043

出　　处：《通信学报》2024年第S2期7-15,共9页Journal on Communications

基　　金：国家社会科学基金资助项目(No.2023-SKJJ-C-063)。

摘　　要：为了解决任播节点枚举所需测量资源多、成本高、召回率低等问题,针对采用任播技术部署的公共解析器,提出了一种基于转发关系推断的任播节点枚举方法。基于转发器与公共解析器之间存在内生转发关系的观察,将海量转发器转化成公共解析器任播节点测量的观测节点;然后,通过多轮次迭代执行转发关系测量、间接递归解析器聚合和转发器关联等步骤,推断转发器与公共解析器服务地址之间的转发关系,实现公共解析器任播节点的螺旋式枚举。以Google公共解析器公开数据为基准数据集,实验结果表明,所提方法仅需一台测量节点即可召回62.5%的Google公共解析器任播节点机场代码,与已有方法相比,在测量节点需求降低3~4个数量级的条件下,任播节点机场代码召回率提升了22.92个百分点。In order to solve the problems of high measurement resources needed,high cost,and low recall rate for anycast enumeration,an anycast enumeration method based on forwarding relationship inference was proposed for anycastbased public DNS resolvers.Based on the observation of the endogenous forwarding relationship between open forwarders and public DNS resolvers,a massive number of open forwarders were transformed into vantage points in measuring public DNS resolvers’anycast instances;Then,through multiple iterations of forwarding relationship measurement,indirect resolver aggregation,and forwarder correlation,the forwarding relationship between forwarders and the DNS resolvers’service addresses was inferred,achieving a spiral enumeration of public parser anycast nodes.Using the publicly available data of Google Public DNS as the benchmark dataset,the experimental results show that the proposed method only requires one measurement machine to recall 62.5%of the airport codes of Google Public DNS’s anycast instances.Compared with existing methods,the recall rate of anycast instance airport codes has increased by 22.92%under the condition of reducing the demand for measurement nodes by 3-4 orders of magnitude.

关 键 词：公共解析器 任播节点枚举 转发关系 迭代算法 低成本 

分 类 号：TP393.4[自动化与计算机技术—计算机应用技术]